$3.3M Settlement Resolves Data Breach Lawsuit Against Mt. Baker Imaging & Northwest Radiologists
Mt. Baker Imaging and Northwest Radiologists have agreed to pay $3,300,000 to settle a consolidated class action lawsuit stemming from a January 2025 ransomware attack and data breach affecting hundreds of thousands of patients.
Mt. Baker Imaging is a Washington-based medical imaging provider that uses Northwest Radiologists for interpreting medical images. In January 2025, a cyberattack was identified, and the forensic investigation determined that an unauthorized third party accessed its network between January 20, 2025, and January 25, 2025, and obtained files containing names, contact information, dates of birth, Social Security numbers, driver’s license or state identification card numbers, treatment or diagnosis information, and health insurance information. The data breach was reported to the Washington Attorney General as affecting 348,118 state residents, and the HHS’ Office for Civil Rights was informed that the protected health information of up to 362,713 individuals was compromised in the incident.
Multiple class action lawsuits were filed in response to the data breach, which were consolidated in a single complaint – In re: Mt. Baker Imaging, LLC, Data Security Litigation – in the Superior Court of the State of Washington for Whatcom County. The lawsuit alleged that the defendants failed to implement and maintain necessary data security safeguards, and asserted claims for negligence, breach of implied contract, invasion of privacy-intrusion upon seclusion, unjust enrichment, and violations of the Uniform Health Care Information Act, Washington Consumer Protection Act, Washington Data Breach Notification Disclosure Law, and Washington My Health My Data Act.
The defendants and the plaintiffs disagree about the legal claims made in the litigation; however, all parties agreed that a settlement was the best outcome, due to the benefits provided to the class members and the avoidance of the costs, risks, and uncertainty of continuing with the litigation. The defendants have agreed to establish a $3,300,000 settlement fund to cover attorneys’ fees and expenses, settlement administration and notification costs, and service awards for the nine class representatives. The remainder of the settlement fund will be used to pay benefits to approximately 340,184 class members.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
All class members are entitled to claim a two-year membership to a medical identity theft protection and monitoring service, and may submit claims for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member, and claim a pro rata cash payment. The pro rata cash payments will distribute the net amount of the settlement fund after costs, expenses, claims, and medical identity theft protection and monitoring costs have been paid.
The deadline for objection and exclusion is July 20, 2026, and claims must be submitted by August 19, 2026. The settlement has received preliminary approval from the court, and the final fairness hearing has been scheduled for August 21, 2026.
